Time and time again, data-breach headlines illustrate the cost of ignoring basic security. Regularly updating software is Security 101, especially if the application in question is public-facing or accessible over the Internet.
For content management systems such as WordPress, Drupal, and Joomla, you have to update the core. More important, you have to update the modules and plugins. Having the latest software is not going to mean much if the attackers can just waltz through security holes in plugins and third-party modules.
The Panama Papers leak, exposing how politicans and the wealthy hide money from being taxed, may have been made possible because the law firm that was hacked didn’t do that Security 101.